Information Sharing Legislation Moves Forward

Monday, April 27, 2015

Legislative Activity

House Passes Two Information Sharing Bills

Last week, during what the House dubbed as “Cyber Week,” the chamber passed two major pieces of cybersecurity legislation that seek to update and authorize voluntary information sharing platforms that allow the federal government and the private sector to share information about cyber threat indicators they are seeing on their networks. The passage of these bills is an important step forward in passing meaningful cybersecurity legislation that will serve as a means to better protect the nation’s critical infrastructure.

While many expected countless amendments to be filed during the House Rules Committee process, ultimately 61 amendments were filed and only 16 were ruled in order. In quick succession, the House passed the House Intelligence Committee bill, H.R. 1560, the Protecting Cyber Networks Act, on Wednesday by a 307-116 vote. Then on Thursday, the House also passed the Homeland Security Committee’s National Cybersecurity Protection Advancement Act (H.R. 1731) by a 355-63 vote.

H.R. 1560 focuses on cybersecurity information sharing activities between the private sector and the Intelligence Community, including the US Department of Defense (DOD) and the Director of National Intelligence. The bill provides for targeted liability protections for private sector entities that choose to share information with the federal government regarding cyber threats. In addition, it includes a section on privacy and civil liberties to specifically address concerns from privacy advocates and requires multiple scrubs of data prior to sharing to remove personally identifiable information as a means to protect consumers.

The House passed five amendments, including a manager’s amendment to make technical changes, and would include language in the bill that would do the following:

Sunset the bill in seven years;

Direct the Small Business Administration (SBA) to provide assistance to small businesses;

Direct the Inspector Generals from the Intelligence Community, US Department of Homeland Security (DHS), US Department of Justice (DOJ) and DOD to report on procedures actually used to protect the private information; and

Direct the Government Accountability Office (GAO) to assess the actions of the federal government to protection privacy.

H.R. 1731 authorizes the information sharing activities with the private sector and DHS, a civilian agency. It also includes liability protections for companies that share information with the federal government, which prompted several amendments to be proposed to scale back the liability protections in the bill. The House Rules Committee did not approve the consideration of these amendments but did allow 11 amendments to be debated on the House floor. The House passed all 11 amendments which would do the following:

Sunset the bill in seven years;

Codify the establishment of the National Cybersecurity Preparedness Consortium made of universities and other stakeholders;

Provide cyber self-assessment tools for small and medium-sized businesses;

Direct the GAO to assess the impact of the bill on privacy and civil liberties;

Require a report to Congress on aligning federally funded cyber research with the private sector;

Require a report from DHS on the assessment of cybersecurity at risk ports;

Clarify the term “cybersecurity risk” and “cyber incident”; and

Authorize the existing Einstein 3A (E3A) program.

The White House issued a Statement of Administration Policy (SAP) for each bill, noting that it supports the House’s efforts to pass information sharing legislation. The SAPs did raise serious concerns by the White House over the current liability protection language. Specifically, the SAPs on both bills noted the White House’s concern that “the use of defensive measures without appropriate safeguards raise significant legal, policy and diplomatic concerns and can have a deleterious impact on information systems and undermine cybersecurity.” The SAPs also reiterated the need for incorporating privacy and civil liberties safeguards. However, the SAPs stopped shy of indicating if the changes were not made, the President may consider vetoing the bills.

Next Steps for Cybersecurity Legislation

The next steps for the bills are critical to note in order to understand how the process for moving information sharing legislation forward will unfold. While the House chose not to combine these bills prior to floor passage to have one comprehensive bill, it plans to combine the bills after final passage. From there, they will be sent over to the Senate for consideration.

The Senate Intelligence Committee previously passed its own information sharing legislation – the Cybersecurity Information Sharing Act (S. 754) – and is likely to move forward with considering the bill on the Senate floor in the next couple of weeks. Congressional leaders have indicated that they would like to have a final information sharing bill sent to President Obama by the Memorial Day recess, however the timeline is tight to achieve that goal.

An important part of this process will also be a determination in the Senate if they will allow comprehensive data breach bills to be added to its cybersecurity bill, which could potentially set up a complete overall to the nation’s competing state data breach laws.

Drawing from her background in policy analysis and project management, Amy Budner Smith provides policy guidance to and advocates on behalf of universities and colleges, hospital systems, and other public and non-profit organizations. She focuses on securing federal funding opportunities to support clients’ infrastructure improvements, program expansions and research, and other important community services. Ms. Smith also specializes in developing comprehensive strategic plans to raise clients’ national profile and counseling clients on the potential impact of federal...

As co-chair of the firm’s Homeland Security, Defense, and Technology Transfer Practice Group, Norma Krayem provides strategic advice on key issues in a range of areas, including homeland security, transportation, defense, international trade, environmental, and a host of appropriations issues for all aspects of critical infrastructure. She is also Global Co-Chair of Data Protection and Cybersecurity, focusing on the impacts of cyber risks on critical infrastructure (banking and financial services, energy, communications etc.) along with other sectors like universities and retail institutions. Ms. Krayem applies her extensive experience with key national issues in the policy-making arena based on over 20 years’ working in and with state, local, and federal government to help clients evaluate strategies to build and maintain a competitive edge. Ms. Krayem was elected to the Partnership in 2007.

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com intended to be a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional. NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us.

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 4700 Gilbert Ave. Suite 47 #230 Western Springs, IL 60558 Telephone (708) 357-3317 If you would ike to contact us via email please click here.